From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35219) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ctBd7-0003YI-48 for qemu-devel@nongnu.org; Wed, 29 Mar 2017 07:19:10 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ctBd2-0004C2-9n for qemu-devel@nongnu.org; Wed, 29 Mar 2017 07:19:09 -0400 Received: from mx1.redhat.com ([209.132.183.28]:56376) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ctBd2-00049c-1I for qemu-devel@nongnu.org; Wed, 29 Mar 2017 07:19:04 -0400 From: Markus Armbruster References: <20170328210014-mutt-send-email-mst@kernel.org> <8737dwr35o.fsf@dusky.pond.sub.org> <862ea872-423a-8394-3ed5-250b0a3d2ba2@redhat.com> Date: Wed, 29 Mar 2017 13:18:56 +0200 In-Reply-To: <862ea872-423a-8394-3ed5-250b0a3d2ba2@redhat.com> (Thomas Huth's message of "Wed, 29 Mar 2017 12:44:27 +0200") Message-ID: <87lgromiu7.fsf@dusky.pond.sub.org> MIME-Version: 1.0 Content-Type: text/plain Subject: Re: [Qemu-devel] qemu-devel mailing list vs DMARC and microsoft.com's p=reject policy List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Thomas Huth Cc: "Michael S. Tsirkin" , Peter Maydell , Stefan Hajnoczi , QEMU Developers , Andrew Baumann Thomas Huth writes: > On 29.03.2017 08:46, Markus Armbruster wrote: >> "Michael S. Tsirkin" writes: >> >>> On Tue, Mar 28, 2017 at 06:35:55PM +0100, Peter Maydell wrote: >>>> Hi; it's been pointed out to me that we have a problem with qemu-devel >>>> unsubscribing people because of DMARC. Specifically: >>>> * microsoft.com publishes a DMARC policy that has p=reject >>>> * some subscribers use mail systems that honour this and send bounces >>>> for non-verifying emails from those domains >>>> * the mailing list software (mailman) modifies emails that pass through >>>> it, among other things adding the "[qemu-devel]" subject tag, in >>>> a way that means that signatures no longer verify >>>> * bounces back to mailman as a result of mailing list postings from >>>> microsoft.com people can then cause people to be unintentionally >>>> unsubscribed >>>> >>>> This is kind of painful. https://wiki.list.org/DEV/DMARC has the >>>> Mailman wiki information on the subject. In an ideal world nobody >>>> would use p=reject because it breaks mailing lists. In the actual >>>> world we have a few choices: >>>> >>>> (1) I could set dmarc_moderation_action=Reject >>>> * this means nobody can subscribe if they've set their dmarc policy >>>> to reject (the "if you don't believe in mailing lists we don't >>>> believe in you" policy). >>>> * there is a certain purity to this option, in that it is pushing >>>> the costs of this unhelpful mail config back on the organisations >>>> which have chosen it; on the other hand I'm reluctant to make >>>> life harder for people who are contributing to the project >>>> and who typically don't have much say over corporate email config. >>>> (2) I could reconfigure mailman to try to not rewrite anything that >>>> we think is likely to be signed (in particular not the body or the >>>> subject) >>>> * this means dropping the [qemu-devel] tag from the subject, which I'm >>>> a bit reluctant to do (it seems likely at least some readers are >>>> filtering on it, and personally I quite like it) >>>> * if anybody DKIM-signs the Sender: header we're stuck anyway >>> >>> For the record I'd strongly prefer this option - I tag all list mail >>> and so "qemu-devel" appears twice: in subject and as a tag. >>> Also, if mail is copied to another list, qemu-devel will >>> still appear as gmail de-duplicates email by msg id. >>> I can remove tags I don't care about but can't remove >>> subject prefixes. >> >> Seconded. Mailing lists messing with the subject to "help" users with >> filtering just complicate it. >> >> Filtering on List-Id isn't any harder, and has the added advantage that >> it actually works. > > The problem is that some mail clients are rather limited and you can > only filter via title there - so I guess some people would complain we > removed the tag from the subject. Some people might have to switch to less crippled^W^Wmore capable software. Thank me later. > Apart from that, I've also seen mailman messing up white spaces in the > body of e-mails, so this likely would only solve parts of this problem. Assuming that's still the case, and not a mailman configuration issue: mailman bug.